The Hacker News — Cyber Security, Hacking, Technology News

Israel, the country that built a "Digital Iron Dome", has suffered one of the largest and most serious cyber attacks this year.

This time, Israel is in the headlines for a massive cyber attack against the network of the nation's Electricity Authority.

"Yesterday we identified one of the largest cyber attacks that we have experienced," Energy Minister Yuval Steinitz confirmed at the CyberTech 2016 Conference at the Tel Aviv Trade Fair and Convention Center on Tuesday, according to an article published by The Times of Israel.

"The virus was already identified and the right software was already prepared to neutralize it," Steinitz added. "We had to paralyze many of the computers of the Israeli Electricity Authority. We are handling the situation and I hope that soon, this very serious event will be over...but as of now, computer systems are still not working as they should."

Severe Cyber Attack on Israel Electricity Infrastructure

The 'severe' attack occurred earlier this week, while Israel was experiencing record-breaking electricity consumption for the last two days, with demand of 12,610 megawatts due to freezing temperatures, as confirmed by Israel Electric Corporation.

However, officials did not comment on the perpetrators, as they do not currently suspect anyone, but they did tell the Israeli newspaper Haaretz that '[they] are going to solve this problem in the coming hours.'

In mid-July 2015, Israel's National Cyber Bureau had already warned about computer-based hacking attacks that shut down portions of the country's electricity grid.

The identity of the suspects behind this attack is not known, and the energy ministry has not provided any details about how the attack was carried out.

However, a spokesperson for Israel's Electricity Authority confirmed some of its computer systems had been shut down for two days due to the cyber attack.

Previous Known Cyber Attacks on SCADA Systems

Israel has been a continual victim of cyber attacks, such as OpIsrael (a coordinated attack by anti-Israeli groups and Palestinians), conducted on 7 April 2013, the eve of Holocaust Remembrance Day, with the goal of "Erase Israel from Internet."

Another attack, on Israeli civilian communications, was carried out by Iran and the Hezbollah group last year.

In response to these attacks, Israel has broadened its skills to combat cyber war and has become a center for cybersecurity R&D labs, with multinationals from the US, Europe, and Asia. Israeli cybersecurity firms claimed to have exported $3 billion last year.

A similar power outage took place a couple of months ago in Ukraine, on 23 December, when the country's SCADA systems were hit with a trojan named BlackEnergy that resulted in a total power cut across the Ivano-Frankivsk region of Ukraine.

This article has been written by our editorial intern. Special thanks to Rakesh Krishnan for covering this story.

Israel is considered one of the most advanced countries in cyber security, but at the same time it is a privileged target for hostile governments intent on sabotage and cyber espionage against its technology.

Yesterday, cybersecurity experts revealed that a major artery in Israel's national road network, located in the northern city of Haifa, suffered a cyber attack that caused massive traffic congestion in the city.

Israeli military officials are aware of cyber threats that could hit the country's infrastructure, and they fear the possible effects of a large-scale cyber attack.

Israeli government websites suffer thousands of cyberattacks each day, according to Ofir Ben Avi, head of the government's website division. The Israel Electric Corp. confirmed that its servers register about 6,000 unique computer attacks every second.

In June, Prime Minister Benjamin Netanyahu stated that Iranian militia, Hezbollah and Hamas have on numerous occasions targeted Israel's "essential systems," including its water facilities, electric grid, trains and banks.

"Every sphere of civilian economic life, let's not even talk about our security, is a potential or actual cyber attack target," said Netanyahu.

Israel's military chief Lt. Gen. Benny Gantz recently made a high-profile speech outlining that, among the greatest threats his country might face in the future, computer sabotage is a top concern. A sophisticated cyber attack could be used to shut down Israel's banking system, the national electric grid or a defense system, a nightmare for the defense establishment.

Cybersecurity experts revealed to The Associated Press that a major artery in Israel's national road network, located in the northern city of Haifa, suffered a cyber attack that caused serious logistical problems and hundreds of thousands of dollars in damage.

The tunnel is a strategic thoroughfare in the country's third largest city, and as a demonstration of its importance, the city is exploring the possibility of using the structure as a public shelter in case of emergency.

It seems that the attackers used malware to hit the security camera system of the Carmel Tunnel toll road on Sept. 8 and gain control of it.

"The attack caused an immediate 20-minute lockdown of the roadway. The next day, the expert said, it shut down the roadway again during morning rush hour. It remained shut for eight hours, causing massive congestion."

The experts who investigated the incident exclude the hypothesis of a state-sponsored attack, because the malicious code used was not sophisticated enough to be the work of a hostile government; the involvement of a group of hacktivists is more likely.

Carmelton, the company that oversees the toll road, blamed a "communication glitch" for the incident, while Oren David, a manager at security firm RSA's anti-fraud unit, said that although he did not have information about the tunnel incident, similar attacks could represent a serious menace to the population.

"Most of these systems are automated, especially as far as security is concerned. They're automated and they're remotely controlled, either over the Internet or otherwise, so they're vulnerable to cyberattack," said David, adding that the country is "among the top-targeted countries."

In reality, Iranian hackers and other hostile entities have successfully penetrated Israeli systems; Israel has controlled the attacks to track back the hackers, profile their methods of attack and conduct a disinformation campaign by making false information available.

To improve the security of Israeli civilian critical infrastructure, Israel's national electric company has recently launched a training program, jointly with cyber defense company CyberGym, to teach engineers and managers of critical plants to detect ongoing cyber attacks.

The attack scenario revealed portends an escalation of attacks by hostile entities, whether cyber criminals, hacktivists or state-sponsored hackers; it is crucial for the Israeli government to invest in improving its cyber capabilities for its survival.

The new rules allow the Department of Homeland Security to take advantage of the military's cyber-warfare experts and the intelligence capabilities of the National Security Agency in case of attack.

The Obama administration changed federal policy allowing the military to step in and assist during a cyber-attack on domestic soil, reported the New York Times on Oct. 21.

With the exception of natural disasters, the military cannot deploy units within the country's borders. Even for natural disasters, a presidential order is required before moving the troops out.

Under the new agreement between the Department of Defense and Department of Homeland Security, the military's cyber experts can be called upon in case of an attack targeting critical computer networks inside the United States, according to the article.

Robert J. Butler, the Pentagon's deputy assistant secretary for cyber policy, told the Times that the rules change will allow agencies to focus on how to respond to attacks on critical computer networks.

The two agencies "will help each other in more tangible ways than they have in the past," Butler said in an article in Defense News, an Army Times publication. He also said closer collaboration will provide "an opportunity to look at new ways that we can do national cyber incident response."

With the new rules, the officials in charge of domestic security can take advantage of the Pentagon's military expertise and the intelligence expertise of the National Security Agency.

"DoD's focus is really about getting into the mix. We want to plan together and work together with other departments" to ensure that they understand the military's cyber capabilities and that the military understands what other agencies and private companies can do for cyber defense, Butler said.

The memorandum was signed by Homeland Security Secretary Janet Napolitano and Defense Secretary Robert Gates. The memorandum makes a quick and legal response to a cyber-attack possible and prevents time-wasting debates over who's in charge and who has the authority to do what, said the New York Times.

The Department of Homeland Security will still lead cyber-defense efforts, but the Department of Defense will provide cyber-attack expertise to various government entities and a handful of private corporations, said Butler. Officials who helped draft the rules said the goal was to ensure a rapid response to a cyber-threat while balancing civil liberties concerns that may result from misuse of military power.

Butler said teams of lawyers would watch for potential violations of civil liberties.

Once the president gives the order, a team of Pentagon cyber experts will be sent to Homeland Security's operations center, and a team of Homeland Security officials will be dispatched to Fort Meade, where the National Security Agency and the Pentagon's Cyber Command are located, according to the Times article.

The greater part of the government's computer network capabilities are also located at Fort Meade.

Officials decided on the policy change because most of the government's computer network defense capabilities and expertise are within the Pentagon, while most of the key targets are on domestic soil, officials told the New York Times. Targets may be within the government but can also be public-facing operations like financial networks and regional power grids, the paper said.

Improving agency and industry "situational awareness" in cyberspace is a central objective for the Department of Defense, according to Defense News. Developing and maintaining a clear picture of the threats in cyberspace remains difficult because the Internet is evolving every day, Butler said.

In the event of a cyber-attack, it's still extremely difficult to tell who is attacking. It's not even clear what constitutes an attack.

"As we move forward, one of the key things we have to agree on is the taxonomy," Butler said. There is a lot of discussion about "cyber-war," "cyber-attacks," and "hostile intent," but there is no agreement on exactly what those terms mean.

Homeland Security conducted Cyber Storm 3, a national cyber-incident response framework exercise on how to handle a cyber-attack, at the end of August. Butler said the exercise, which included federal and state entities, the private sector, and international partners, helped government officials think through possible scenarios, said Defense News.

"We were able to work out what the threat was, what the appropriate response was, who takes action, how do you determine conditions and postures," he said.

Military units that rely on very small aperture terminals (VSATs) for satellite communications in remote areas are vulnerable to cyber attack.

Researchers from cyber intelligence company IntelCrawler recently identified nearly 3 million VSATs, many of them in the United States, and found that about 10,000 of them could be easily accessed because of configuration weaknesses.

"We have scanned the whole IPv4 address space since 2010 and update the results in our Big Data intelligence database, including details about the satellite operator's network ranges, such as INMARSAT, Asia Broadcast Satellite, VSAT internet iDirect, Satellite HUB Pool, and can see some vulnerabilities,"

Researchers have warned that terminals with data transmission rates from 4 kbps to 16 Mbps, used for narrowband and broadband data transmission, are vulnerable to cyber attack.

VSATs are most commonly used to transmit narrowband data such as credit card, polling or RFID data, or broadband data for VoIP or video, using satellites in geosynchronous orbit, the orbit generally used for television and radio broadcast, direct broadcast and military communications. The name comes from the relatively small dish antenna, with a diameter no larger than 10 feet (3 meters).

IntelCrawler claimed that VSATs can be easily hacked because of poor password policies and default settings. Vulnerable terminals can be used in a planned cyber attack, more precisely against distributed networks and infrastructure.

Dan Clements, IntelCrawler's President said:

“Many VSAT devices have Telnet access with very poor password strength, many times using default factory settings,”

"Intrusions to such open devices can allow you to monitor all the network traffic related to the exact device or host, sometimes with very sensitive information, which can lead to a compromise of the internal network,"

"The door might be six inches open, and of course you're not going in, but you can see there's a vulnerability there,"

"There's a lot of information that could be used in a nefarious way," Clements said. "Certainly you could put together a plan to go after certain grids or dams or power plants and have access to the centralized network at some point."

According to the report, there are more than 313 open UHP VSATs, 9,045 open HUGHES terminals and 1,142 SatLink terminals that can be easily hacked by malicious attackers.

HUGHES is one of the largest manufacturers of VSATs, which are mostly used in offline ATMs by several national central banks. The physical locations of a number of VSATs can be easily found on Google Maps and Google Earth, which could allow attackers to plan more sophisticated physical attacks.

"They are also widely spread in the industrial sector, such as energy, oil and gas, where the whole infrastructure is based on distributed environments located in different regions, cities or sometimes continents. According to statistics, there are 2,931,534 active VSAT terminals in the world now, with the majority installed in the US," according to The Comsys VSAT report.

IntelCrawler also found network ranges used for government and classified communications, e.g. Ministry of Civil Affairs of China infrastructure in ranges belonging to Shanghai VSAT Network Systems Co. LTD, and the Ministry of Foreign Affairs of Turkey in Turksat VSAT Services, which poses a critical threat to national security.


NotPetya was the ransomware that shut down thousands of businesses, organisations and banks in Ukraine, as well as in different parts of Europe, in June this year.

Now, Ukrainian government authorities are once again warning citizens to brace themselves for the next wave of a "large-scale" NotPetya-like cyber attack.

According to a press release published Thursday by the Secret Service of Ukraine (SBU), the next major cyber attack could take place between October 13 and 17 when Ukraine celebrates Defender of Ukraine Day (in Ukrainian: День захисника України, Den' zakhysnyka Ukrayiny).

Authorities warn that the cyber attack could once again be conducted through a malicious software update against state government institutions and private companies.

The attackers behind the NotPetya ransomware used the same tactic: compromising the update mechanism of the Ukrainian financial software provider MeDoc and swapping in a malicious update carrying the NotPetya virus.

The virus then knocked computers in Ukrainian government agencies and businesses offline before spreading rapidly via corporate networks of multinational companies with operations or suppliers in eastern Europe.

Presentation by Alexander Adamov, CEO at NioGuard Security Lab

Ukraine blamed Russia for the NotPetya attacks, while Russia denied any involvement.

The latest warning by the Ukrainian secret service advised government and businesses to make sure their computers and networks are protected against any intrusion.

"SBU notifies about preparing for a new wave of large-scale attack against the state institutions and private companies. The basic aim—to violate normal operation of information systems, that may destabilize the situation in the country," the press release reads.

"The SBU experts received data that the attack can be conducted with the use of software updating, including public applied software. The mechanism of its realization will be similar to cyber-attack of June 2017."

To protect themselves against the next large-scale cyber attack, the SBU advised businesses to follow some recommendations, which include:

Updating the signatures of antivirus software on servers and workstation computers.

Keeping redundant copies (backups) of the information processed on the computer equipment.

Applying daily updates of system software, including all versions of the Windows operating system.

Since supply chain attacks are not easy to detect and prevent, users are strongly advised to keep regular backups of their important files on a separate drive or storage that is connected only temporarily, for worst-case scenarios.

Most importantly, always keep good antivirus software on your system that can detect and block malware before it can infect your device, and keep it up to date for the latest infection detection.

It has been reported that Malaysia's most popular news website, Malaysiakini (http://www.malaysiakini.com), has been hit by a cyber attack from 11 AM that shut the website down. The attack created a stir when the website stopped working just before the Sarawak election, making it inaccessible to readers. The attack has been diagnosed as a denial-of-service attack, which is intended to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Denial-of-service attacks are considered violations of the IAB's Internet proper use policy, and also violate the acceptable use policies of virtually all Internet service providers. They also commonly constitute violations of the laws of individual nations.

According to the technical team, the cyber attack swamped the Malaysiakini servers to the point that they are unable to cope with the massive traffic. Both data centers, TM Brickfields and Jaring, have also been affected.

Malaysiakini.com offers daily news and views in English, Malay, Chinese and Tamil, delivering over 37 million page views and 750,000 video downloads per month to over 1.6 million absolute unique visitors (Google Analytics, August 2008). From July 2008, Malaysiakini became the most read and popular news website in Malaysia.

You might be surprised to know that your security cameras, Internet-connected toasters and refrigerators may have inadvertently participated in the massive cyber attack that broke a large portion of the Internet on Friday.

That's due to massive Distributed Denial of Service (DDoS) attacks against Dyn, a major domain name system (DNS) provider that many sites and services use as their upstream DNS provider for resolving human-readable website names to IP addresses.

The result we all know:

Twitter, GitHub, Amazon, Netflix, Pinterest, Etsy, Reddit, PayPal, and Airbnb were among hundreds of sites and services that were rendered inaccessible to millions of people worldwide for several hours.

Why and How the Deadliest DDoS Attack Happened

It was reported that the Mirai bots were used in the massive DDoS attacks against DynDNS, but they "were separate and distinct" bots from those used to execute record-breaking DDoS attack against French Internet service and hosting provider OVH.

Here's why: Initially, the source code of the Mirai malware was limited to a small number of hackers who were aware of the underground hacking forum where it was released.

But later, the link to the Mirai source code suddenly received a huge promotion from thousands of media websites after it got exclusively publicized by journalist Brian Krebs on his personal blog.

Due to the worldwide news coverage and promotion, copycat and unprofessional hackers are now creating their own botnets by hacking millions of smart devices to launch DDoS attacks, as well as to make money by selling their botnets as a DDoS-for-hire service.

Mirai malware is designed to scan for Internet of Things (IoT) devices – mostly routers, security cameras, DVRs or WebIP cameras, Linux servers, and devices running Busybox – that are still using their default passwords. It enslaves vast numbers of these devices into a botnet, which is then used to launch DDoS attacks.

Chinese Firm Admits Its Hacked DVRs and Cameras Were Behind Largest DDoS Attack

More such attacks are expected to happen and will not stop until IoT manufacturers take the security of these Internet-connected devices seriously.

One such IoT electronics manufacturer is the Chinese firm Hangzhou Xiongmai Technology, which admitted its products (DVRs and internet-connected cameras) inadvertently played a role in Friday's massive cyber attack against DynDNS.

The Mirai malware can easily be removed from infected devices by rebooting them, but the devices will end up infected again within minutes if their owners and manufacturers do not take proper measures to protect them.

What's worse? Some of these devices, including connected devices from Xiongmai, cannot be protected because of hardcoded passwords, and because their makers implemented them in a way that they cannot easily be updated.

"Mirai is a huge disaster for the Internet of Things," the company confirmed to IDG News. "[We] have to admit that our products also suffered from hacker's break-in and illegal use."

The company claimed to have rolled out patches for security vulnerabilities, involving weak default passwords, which allowed the Mirai malware to infect its products and use them to launch massive DDoS attack against DynDNS.

However, Xiongmai products that are running older versions of the firmware are still vulnerable. To tackle this issue, the company has advised its customers to update their product's firmware and change their default credentials.

The electronics components firm would also recall some of its earlier products, specifically webcam models, sold in the US and send customers a patch for products made before April last year, Xiongmai said in a statement on its official microblog.

Hackers are selling IoT-based Botnet capable of 1 Tbps DDoS Attack

Even worse is expected:

Friday's DDoS attack, which knocked down half of the Internet in the U.S., is just the beginning, because hackers have started selling access to a huge army of hacked IoT devices designed to launch attacks capable of severely disrupting any web service.

Anyone could buy 50,000 bots for $4,600, and 100,000 bots for $7,500, which can be combined to overwhelm targets with data.

Hacker groups have long sold access to botnets as a DDoS weapon for hire, like the infamous Lizard Squad's DDoS attack tool Lizard Stresser, but those botnets largely consisted of compromised vulnerable routers, not IoT devices like connected cameras, toasters, fridges and kettles (which are now available in bulk).

In a separate disclosure, a hacking group calling itself New World Hackers has also claimed responsibility for Friday's DDoS attacks, though this is not yet confirmed.

New World Hackers is the same group that briefly knocked the BBC offline last year. The group claimed to be a hacktivist collective with members in China, Russia, and India.

Well, who is behind Friday's cyber attack is still unclear. The US Department of Homeland Security (DHS) and the FBI are investigating the DDoS attacks that hit DynDNS, but neither agency has yet speculated on who might be behind them.

The DynDNS DDoS attack has already shown the danger of IoT-based botnets, prompting both IoT manufacturers to start caring about implementing security in their products, and end users to start caring about the basic safety of their connected devices.

By now I am sure you have already heard something about the WannaCry ransomware, and are wondering what's going on, who is doing this, and whether your computer is secure from this insanely fast-spreading threat that has already hacked nearly 200,000 Windows PCs over the weekend.

The only positive thing about this attack is that you are here: after reading this easy-to-understand awareness article, you will be cautious enough to save yourself from WannaCry, as well as from similar cyber attacks in the future.

In this article, we have provided some of the most important basic security tips that you should always follow, and which we advise you to share with everyone you care about.

What is Ransomware & Why is WannaCry More Dangerous?

(A simple video demonstrating WannaCry ransomware, showing how fast it spreads from system to system without any user interaction)

For those unaware, ransomware is a computer virus that usually spreads via spam emails and malicious download links; it is specially designed to lock up the files on a computer until the victim pays the ransom demand, usually $300-$500 in Bitcoins.

But what makes WannaCry so unique and nasty is its ability to self-spread without the victim even needing to click any link or file.

The WannaCry ransomware, also known as Wanna Decryptor, leverages a Windows SMB exploit, dubbed EternalBlue, that allows a remote hacker to hijack computers running on unpatched Microsoft Windows operating system.

Once infected, WannaCry also scans for other unpatched PCs connected to the same local network, as well as scans random hosts on the wider Internet, to spread itself quickly.

What Has Happened So Far

We have been covering this story since Friday, when this malware first emerged and hit several hospitals across the globe, eventually forcing them to shut down their entire IT systems over the weekend, turning away patient appointments and cancelling operations.

Later this cyber attack brought many organizations to their knees.

Instead of repeating the same details again, read our previous articles to dig deeper and learn what has happened so far:

Day 2: The Patch Day— A security researcher successfully found a way to slow down the infection rate, and meanwhile, Microsoft released emergency patch updates for unsupported versions of Windows.

Day 3: New Variants Arrive— Just yesterday, some new variants of WannaCry, with and without a kill switch, were detected in the wild; they would be difficult to stop for at least the next few weeks.

Isn’t the Cyber Attack Over?

Absolutely not.

This is just the beginning. As I reported yesterday, security researchers have detected some new versions of this ransomware, dubbed WannaCry 2.0, which could not be stopped by the kill switch.

What's even worse is that the new WannaCry variant is believed to have been created by someone else, not the hackers behind the first WannaCry ransomware.

It has been speculated that other organized cybercriminal gangs, as well as script kiddies, could be motivated by this incident to create and spread similar malicious ransomware.

How to Protect Yourself from WannaCry Ransomware?

Here are some simple tips you should always follow, because most computer viruses make their way into your systems due to a lack of simple security practices:

1. Always Install Security Updates

If you are using any version of Windows except Windows 10, with the SMB protocol enabled, make sure your computer always receives updates automatically from Microsoft and is always up to date.

2. Patch SMB Vulnerability

Since WannaCry has been exploiting a critical SMB remote code execution vulnerability (CVE-2017-0148), for which Microsoft already released a patch (MS17-010) in March, you are advised to ensure your system has installed those patches.

Moreover, Microsoft has been very generous to its users in this difficult time: the company has even released the SMB patches (download from here) for its unsupported versions of Windows as well, including Windows XP, Vista, 8, Server 2003 and 2008.

Note: If you are using Windows 10 Creators Update (1703), you are not vulnerable to SMB vulnerability.

3. Disable SMB

Even if you have installed the patches, you are advised to disable the Server Message Block version 1 (SMBv1) protocol, which is enabled by default on Windows, to protect against WannaCry ransomware attacks.

Here's the list of simple steps you can follow to disable SMBv1:

Go to Windows' Control Panel and open 'Programs.'

Open 'Features' under Programs and click 'Turn Windows Features on and off.'

4. Enable Firewall & Block SMB Ports

Always keep your firewall enabled, and if you need to keep SMBv1 enabled, then just modify your firewall configurations to block access to SMB ports over the Internet. The protocol operates on TCP ports 137, 139, and 445, and over UDP ports 137 and 138.
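Steps 3 and 4 above can be carried out and verified from an elevated PowerShell session instead of the Control Panel. The script below is an added example, not code from the original article; it assumes a Windows 8.1/10 or Server 2012 R2+ host where the `SmbShare`, `Dism` and `NetSecurity` cmdlets are available, and it blocks the ports the article lists only on the Public firewall profile, so that file sharing on a trusted LAN keeps working.

```powershell
# Added example (not from the article): audit and harden SMB on a Windows host.
# Run in an elevated PowerShell session. Assumes Get/Set-SmbServerConfiguration,
# Get/Disable-WindowsOptionalFeature and New-NetFirewallRule are available
# (Windows 8.1 / Server 2012 R2 and later).

# 1. Record the current state before changing anything, so the change is auditable.
$cfg = Get-SmbServerConfiguration
Write-Host "SMBv1 server enabled  : $($cfg.EnableSMB1Protocol)"
Write-Host "SMBv2/3 server enabled: $($cfg.EnableSMB2Protocol)"

$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
if ($feature) { Write-Host "SMB1Protocol optional feature: $($feature.State)" }

# 2. Turn the SMBv1 server off and remove the optional feature; this is the
#    scripted equivalent of the 'Turn Windows Features on and off' step (step 3).
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
if ($feature -and $feature.State -eq 'Enabled') {
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
}

# 3. Block inbound SMB/NetBIOS on the Public profile (step 4): TCP 137, 139, 445
#    and UDP 137, 138, the ports the article lists. Change -Profile to
#    'Domain,Private,Public' only if the host must never serve SMB at all.
$rules = @(
    @{ Name = 'Block inbound SMB/NetBIOS TCP (Public)'; Protocol = 'TCP'; Ports = @(137, 139, 445) },
    @{ Name = 'Block inbound SMB/NetBIOS UDP (Public)'; Protocol = 'UDP'; Ports = @(137, 138) }
)
foreach ($r in $rules) {
    # Idempotent: only create a rule if one with this display name does not exist yet.
    if (-not (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Action Block `
            -Protocol $r.Protocol -LocalPort $r.Ports -Profile Public | Out-Null
    }
}

# 4. Verify: EnableSMB1Protocol should read False, and the two block rules should
#    be present with the expected protocol/port filters.
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol, EnableSMB2Protocol
Get-NetFirewallRule -DisplayName 'Block inbound SMB/NetBIOS*' |
    Get-NetFirewallPortFilter | Select-Object Protocol, LocalPort
```

Removing the SMB1Protocol feature takes effect after a reboot; the server-side setting and the firewall rules apply immediately.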

5. Use an Antivirus Program

An evergreen solution to protect against most threats is to use good antivirus software from a reputable vendor and always keep it up to date.

Almost all antivirus vendors have already added detection capability to block WannaCry, as well as to prevent the silent installation of malicious applications in the background.

6. Be Suspicious of Emails, Websites, and Apps

So, always exercise caution when opening unsolicited documents sent over email and clicking on links inside those documents, unless you have verified the source, to safeguard against such ransomware infections.

Also, never download any app from third-party sources, and read reviews even before installing apps from official stores.

7. Regularly Back Up Your Files:

To always keep a tight grip on all your important documents and files, keep a good backup routine in place that copies them to an external storage device that is not always connected to your computer.

That way, if any ransomware infects you, it cannot encrypt your backups.

8. Keep Your Knowledge Up-to-Date

Not a single day goes by without a report on cyber attacks and vulnerabilities in popular software and services, such as Android, iOS, Windows, Linux and Mac computers.

So it's high time for users in any domain to follow the day-to-day happenings of the cyber world, which would not only help them keep their knowledge up to date, but also protect against even sophisticated cyber attacks.

What to do if WannaCry infects you?

Well, nothing.

If the WannaCry ransomware has infected you, you can't decrypt your files unless you pay the ransom to the hackers and get the secret key to unlock your files.

Never Pay the Ransom:

It’s up to the affected organizations and individuals to decide whether or not to pay the ransom, depending upon the importance of their files locked by the ransomware.

But before making any final decision, just keep in mind: there's no guarantee that even after paying the ransom, you would regain control of your files.

Moreover, paying the ransom also encourages cyber criminals to come up with similar threats and extort money from a larger audience.

Who's Behind WannaCry & Why Would Someone Do This?

While it is still not known who is behind WannaCry, large-scale cyber attacks of this kind are often carried out by nation states; at the time of writing, however, no link between this attack and any foreign government had been established.

"The recent attack is at an unprecedented level and will require a complex international investigation to identify the culprits," said Europol, Europe's police agency.

Why hijack hundreds of thousands of computers around the globe? Simple: to extort money from infected users.

Judging by the infection rate, you would expect the criminals behind this absurd attack to have made a fortune by now, but surprisingly they have made relatively little profit, according to @actual_ransom, a Twitter account that tweets the details of every single payment to the attackers' wallets.

At the time of writing, the WannaCry attackers have received 171 payments totaling 27.96968763 BTC ($47,510.71 USD).

Who is responsible for the WannaCry Attack?

— Is it Microsoft, for creating an operating system with so many vulnerabilities?

— Or is it the NSA, the intelligence agency of the United States, which found this critical SMB vulnerability and, by not disclosing it to Microsoft, indirectly facilitated attacks like WannaCry?

— Or is it the Shadow Brokers, the hacking group that got hold of the NSA's tools and, instead of reporting them to Microsoft, dumped the hacking tools and zero-day exploits in public?

— Or is it Windows users themselves, who did not install the patches on their systems or are still running an unsupported version of Windows?

I do not know who can be blamed for this attack, but in my opinion all of them share equal responsibility.

Microsoft Blames NSA/CIA for WannaCry Cyber Attack

Microsoft has hit out at the US government for facilitating cyber attacks like WannaCry by holding on to software vulnerabilities for its own purposes, such as global cyber espionage, instead of disclosing them to the vendors concerned.

In a blog post on Sunday, Microsoft President Brad Smith condemned this practice by the US intelligence agencies, saying that the "widespread damage" caused by WannaCry stemmed from the NSA, CIA and other agencies stockpiling zero-days and allowing them to be stolen by hackers.

"This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world," Smith said.

This statement also publicly confirms that the hacking tools and exploits leaked by the Shadow Brokers came from the NSA, whose elite hacking unit security researchers know as the Equation Group.

"Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage," Smith wrote.

You Should Thank These Experts

By the time the WannaCry outbreak was noticed on Friday night, it had already infected at least 30,000 computers worldwide, and at that moment nobody knew what was happening or how the ransomware could spread itself like a worm so quickly.

Since then, over the last three days, security researchers and companies have been working around the clock, analysing malware samples to find every possible way to stop this massive attack.

The difference between cyber crime, cyber espionage and cyber war is a matter of a few keystrokes. They use the same techniques.
These were the words of Richard Clarke, chairman of Good Harbor Consulting, during his keynote at the RSA Europe 2010 conference, being held in London this week.

Giving background, he said cyber crime is not a theory, it goes on every day. “Just two weeks ago, there were arrests of a cyber cartel in the US. However, those arrested were students, acting as mules. To be a mule all they have to do is open a bank account and allow money to flow in and out of it. They are on the lowest level of the cyber crime structure.”
This is typically the situation in cyber crime, explained Clarke. “These cartels are often based in Moldova, Estonia, Belarus or Russia. Once there has been an investigation, often long and complicated, using warrants to search computers and servers, crimes are traced back to these countries. However, when the investigators ask for co-operation from these countries, none is forthcoming. They have become, in effect, cyber sanctuaries.”
As long as the attacks happen outside their countries, he added, and the cyber criminals give the police kickbacks, they turn a blind eye. This can also take on a more sinister tone, as when governments need a friendly hacker to attack another nation they use these cyber criminals and gain a little plausible deniability when a finger is pointed at them.
“This is not dissimilar to the situation that arose about money laundering,” added Clarke. “Countries that traditionally used to launder money were approached, and given a set of norms established to prevent the problem, and standards for enforcement. Nothing happened until they were approached again, and threatened with consequences, such as the devaluation of their currency.”
The same can be done for cyber crime, he stated. “If they don't live up to the standards there will be consequences. For example, we could limit traffic in and out of those countries, or filter and monitor that traffic. At the moment, nothing is being done. The fact is today, cyber crime pays.”
In fact, Clarke said cyber criminals are making so much money they are hiring computer scientists to alter hardware or firmware that is being produced to ensure they will have a backdoor to exploit through an existing flaw.
“Who are the victims here?” he asked. “Traditionally, the banks are seen as victims as they usually pay out losses to customers. However, the banks filter those costs down to their customers. We are paying the price.”

Clarke said cyber criminals break into networks and steal identifications, money, and credentials. Cyber espionage has two flavours. Firstly, you see industrial espionage. “This goes on all the time – we get cyber criminals committing cyber espionage for hire.”
Major corporations hire business intelligence firms to get them information on their competitors, and too often are not fussy about where the intelligence comes from, he explained. “In this case, things stolen will include industrial designs, chemical formulas, new product information or release information, aerospace information and so on.”
Clarke cited as an example the recent Google hack that was traced to attacks on 3,000 other US companies, all of which had updated AV, intrusion detection, intrusion prevention, firewalls and similar. Many of these companies were spending tens or hundreds of millions a year on cyber security.
More worrying though, he said, was the fact that most companies in the US that knew they had been attacked were informed by a source outside the company. “When people come into your network to copy information, the information is still there. It's not like an art heist where the painting is missing from the wall. This makes it much harder to detect. The network will look as if no one has been on it. Terabytes of information could have left the system.”
Occasionally people do see it. He said recently a very advanced cyber research facility discovered they were being hacked, and could only stop it by pulling the plug. Each block they instituted was counter-attacked. As a result they were offline for days.
“If this is happening to such advanced companies, what is happening to less sophisticated organisations? They are losing information, including vital data such as source codes for operating systems and routers. How then do you protect the network?”

Clarke posed the question, “What is the difference then, between cyber espionage and cyber warfare?”
The answer: a few keystrokes. “The same techniques apply. What is cyber warfare? Going into someone else's network, with the intent of damaging, disrupting or destroying.”
He said the US conducted an experiment, accessing the Internet, then an intranet, then into a SCADA system, to manipulate a generator, causing it to explode. This can be done.
Clarke cited some potential consequences from hacking and controlling SCADA systems. “You could cause trains to derail, blow up generators, melt power lines. The recent pipeline in San Francisco, which is still being investigated, could have happened as a result of this. The control system can be made to appear perfectly normal, while the functionality is being messed with, by blocking one end of the pipeline, causing it to explode.”
Think of the damage that could be done to financial institutions or stock exchanges, said Clarke. The recent debacle where the US stock exchange went down, with stocks gaining and losing extreme value for an hour, and being closed down, could have resulted from this. “Their solution? Pretend it had never happened.”
Neither of these, however, are examples of intentional attack. “Stuxnet is the first example of a malicious attack involving SCADA systems. It made use of four zero-day vulnerabilities. However, most unusual, was its use of built-in controls, limiting its replication, where it would attack and similar. It was after Siemens WinCC systems, not broader SCADA systems. It was narrowly targeted, like a guided missile.”
The question is, he said, is cyber war about to happen tomorrow? No. “Nation states don't rush out and use their new toys. They put them in the inventory for when they need them. It does mean that should they get into a conflict situation, instead of using a cruise missile, they could launch a cyber attack. I cannot imagine a scenario, for example, where the US or the UK would be involved in a war with Russia or China.”
Also, Clarke advised to bear in mind that Stuxnet was targeted at Iran. “For some time, the Iranian nuclear weapons programme has been causing controversy across the world. Sanctions have been passed to prevent them from producing nuclear weapons.
“It's not hard to imagine a scenario where the US, Israel and Iran are fighting each other. If bombs were falling on Iranian soil, would they be satisfied with only retaliating at home? Wouldn't they want to attack the US? Iran could launch a cyber attack that could cripple systems in the US. No one has a great cyber defence. The fact that the US could retaliate doesn't really matter.
“In all countries we have to stop worrying about cyber war on the offence, and start worrying about it on the defence. We need plans – strategy doesn't really tell you how to defend the country in the event of a cyber attack.”
What too of cyber peace? he asked. “What about treaties or agreements? If you don't begin the process you'll never get there. Sure it takes a while, as did the nuclear arms treaties, but you have to start somewhere. We can have cyber arms control agreements that will make us safer.
“One last thing,” he concluded. “Instead of spending money on security solutions, maybe we need to seriously think of redesigning network architecture, giving money for research into the next protocols, maybe even think about another, more secure Internet.”


It is no mystery that every nation worries about the security of its infrastructure; the United States is among the most concerned governments, given the high number of cyber attacks against its networks.

US government representatives such as former Secretary of Defense Leon Panetta and Secretary of Homeland Security Janet Napolitano have warned on more than one occasion of the possible consequences of a cyber offensive and declared the need to improve the country's cyber capabilities.

Senators now want to assess how well foreign governments protect their nuclear stockpiles against cyber attacks; the question was raised after the Pentagon's chief cyber officer admitted he did not know whether countries such as Russia or China have adopted effective countermeasures.

Sen. Bill Nelson and Armed Services Committee Chairman Sen. Carl Levin, D-Mich., will ask the national intelligence community for an assessment of foreign states' ability to safeguard networked nuclear systems.

"In this new world of cyber threats, we of course have to be responsible for ours, but we have to worry about those others on the planet that have a nuclear strike capability, of protecting theirs against some outside player coming in and suddenly taking over their command and control," Nelson declared.

Last week the Defense Science Board (DSB), a federal advisory committee, published a report titled “Resilient Military Systems and the Advanced Cyber Threat”, which presents alarming scenarios and considers the US military unprepared for a full-scale cyber conflict.

The DSB analysis alerts the Pentagon to the need to improve its cyber capabilities: a top-tier adversary represents a serious menace in the event of a cyber war, and the analysts believe the various initiatives undertaken by the US government are not sufficient to withstand sophisticated attacks by hostile countries. The report remarks that the Defense Department “is not prepared to defend against these threats”, that its efforts lack proper coordination, and that its commitments are “fragmented”.

“Current DoD actions, though numerous, are fragmented. Thus, DoD is not prepared to defend against this threat.”

“DoD red teams, using cyber attack tools which can be downloaded from the Internet, are very successful at defeating our systems.”

The study by the Defense Science Board urges the intelligence community to maintain the threat of a nuclear strike as a deterrent to a major cyber attack.

“DoD needs to take the lead and build an effective response to measurably increase confidence in the IT systems we depend on (public and private) and at the same time decrease a would-be attacker’s confidence in the effectiveness of their capabilities to compromise DoD systems.”

The report also cites “the relative ease that our Red Teams have in disrupting, or completely beating, our forces in exercises using exploits available on the Internet; and the weak cyber hygiene position of DoD networks and systems”.

These statements are concerning: attackers do not need sophisticated computing platforms to hit the country's vital centres, since the necessary technologies are readily available on the Internet.

Gen. C. Robert Kehler, chief of U.S. Strategic Command, which oversees Cyber Command, highlighted the need for intelligence activities to evaluate the security of foreign infrastructure, but he also stressed the need to evaluate the potential for a cyber attack on U.S. nuclear command and control systems and weapons systems.

The general admitted he had no information on other governments' ability to respond to a cyber offensive against their nuclear plants and arsenals. A cyber attack could directly hit the control system of a critical infrastructure, but it could also compromise a military system such as an intercontinental missile, which could then be turned against other targets in the country.

"What about the Russians and the Chinese? Do they have the ability to stop some cyber-attack from launching one of their nuclear intercontinental ballistic missiles?" probed Sen. Bill Nelson, D-Fla., a member of the Armed Services Committee.

"Senator, I don't know," answered Kehler, who was testifying on Tuesday at a committee hearing.

As the Defense Science Board report notes, attacks against US infrastructure, including defense weapons, could be carried out by various actors; state-sponsored attacks appear the most likely, but the intelligence community is also aware of the menace posed by cyber terrorists and cyber criminals.

Cyber terrorism is one of the most debated aspects at the moment: hitting a critical infrastructure with a cyber attack has the same effect as a conventional attack but is easier to carry out. The recruitment of cyber mercenaries and the availability, on the Internet and in the underground, of tools that attackers could use to cause considerable damage, as demonstrated by the U.S. cyber units, may increase the risk of cyber attacks conducted for terrorist purposes.

We read in the newspapers words such as cyber “9/11” and “cyber doomsday”, words that evoke death, destruction and frightening scenarios but above all describe a real danger not to be underestimated; that is why the top U.S. intelligence official, in another Senate chamber, named cyber first on his list of current transnational threats.

An article on the Nextgov portal states: “There is a danger that unsophisticated attacks by highly motivated actors would have ‘significant outcomes due to unexpected system configurations and mistakes’ or that a vulnerability in one spot ‘might spill over and contaminate other parts of a networked system,’ James Clapper, national intelligence director, testified before the Intelligence Committee on Tuesday.”

What about the security of U.S. nuclear command and control systems and weapons platforms?

Gen. C. Robert Kehler is cautiously optimistic: he is confident that U.S. command and control systems and nuclear weapons platforms “do not have a significant vulnerability”. He also remarked that while there is “fairly decent transparency” with Russian government officials on missile capabilities, the same is not true with China.

My interpretation of the general's words is that, despite the opening toward the two governments, much work remains to be done on the diplomatic front in defining, and obtaining unanimous acceptance of, a framework to regulate the use of cyber weapons that threaten the security of critical systems. We are in an extremely critical period of transition: most governments are working on the production of cyber weapons and conducting cyber espionage campaigns under cover. Alongside historical powers such as Russia and China there are dangerous states such as Iran and North Korea, and a plethora of independent actors in the form of cyber terrorists and cyber criminals, so it is crucial to know the capabilities of one's opponents but also to enhance one's own.

China has something very impressive that we were not aware of: a powerful and previously unknown weapon that its government is using to bolster its cyber attack capabilities.

Dubbed "The Great Cannon."

INTERNET CENSORSHIP IN CHINA

When I talk about Internet censorship, the discussion is incomplete without China. China is famous for the Great Wall of China and for the Great Firewall of China: the government's censoring of Internet access and blocking of individual websites is known as the Great Firewall of China.

But why does the Chinese government do that? The answer is very simple:

The Chinese government restricts content it deems sensitive for the country's so-called democracy. It criminalises certain online speech and activities, blocks selected websites, and filters keywords out of searches initiated from computers located in mainland China.

Worse:

Chinese citizens who offend the authorities by speaking out against Internet censorship can also face judicial consequences.

The two GitHub-hosted projects targeted in the recent attack were:

GreatFire.org – An anti-censorship project, hosted on GitHub, that helps Chinese citizens circumvent the Great Firewall of China.

CN-NYTimes – A GitHub project that hosts New York Times mirrors, giving Chinese netizens access to the newspaper's website, which is normally blocked in China.

But how did the Chinese manage to produce DDoS attacks of such strength and bandwidth?

The answer is the "Great Cannon" (GC). The Chinese government is now using a new cyber weapon in an effort to silence not only its citizens but critics around the world, according to the latest report released by Citizen Lab.

THE GREAT CANNON – A NEW POWERFUL WEAPON

What's the Great Cannon?

The Great Cannon is an attack tool capable of hijacking Internet traffic at the national level and directing it at networks the attackers want to knock offline, of injecting spyware or malware into that traffic, or of using the hijacked traffic to flood another website.

GitHub's attackers are believed to have used the Great Cannon as a DDoS tool: they hijacked the traffic of visitors to the Chinese search giant Baidu, and of any website using Baidu's extensive advertising network, and turned it against the popular code-sharing site.

In simple words:

Anyone visiting a Baidu-affiliated website from anywhere in the world was vulnerable to having their Internet traffic hijacked by the attackers and turned into a weapon to flood anti-censorship websites, like GitHub, with junk traffic.

Let's have a look at how the Great Cannon was deployed in the GitHub and GreatFire.org attacks:

HOW DOES THE GREAT CANNON WORK?

The Great Cannon sits in the path of traffic between two nodes, intercepts selected requests and answers them with content of its own, so that the requesting machine's traffic is redirected to a third party. In the GitHub attack, this cyber weapon appears to have leveraged an analytics script that the Chinese search engine Baidu distributes to websites.

Now:

That script is normally harmless, but according to Citizen Lab the Cannon's operators intercepted requests for it coming from outside China and, for a fraction of them, replaced the response with malicious JavaScript that made the visitor's browser repeatedly request pages from GitHub, thus flooding the target website with traffic from unsuspecting users.

The weapon is also capable of a full-fledged man-in-the-middle (MITM) attack, so it could equally be used to read or alter any unencrypted traffic, including unencrypted email.

It reminds me of:

QUANTUM, a similar NSA weapon that redirected victims to fake websites serving malware. For requests to unencrypted sites, a spoofed server placed on the Internet backbone answered before the real one could (strictly a man-on-the-side race rather than a full man-in-the-middle), so the victim's browser accepted the attacker's reply.

The NSA dubbed these secret backbone nodes Quantum nodes.

What's more:

This new move by the Chinese government could signal a shift in China's online behaviour, from the passive censorship of the Great Firewall of China to active censorship by openly attacking foreign websites with the Great Cannon.

Cyber attacks originating in China are not at all surprising. But...

..."the operational deployment of the Great Cannon represents a significant escalation in state-level information control: the normalization of widespread use of a [cyber] attack tool to enforce censorship by weaponizing users," the security researchers from the University of Toronto and University of California wrote in a report published Friday.

MEASURES TO MITIGATE THE GREAT CANNON

According to the researchers, the Great Cannon could be neutralised to a great extent if websites communicated over encrypted HTTPS connections.

Why? The reason:

An attacker sitting between sender and receiver cannot modify traffic that is encrypted end to end, so a website's pages are safe from injection as long as they do not load scripts or other resources over unencrypted, non-HTTPS connections.
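To turn that mitigation into a check a site owner can run, here is an added example (written for this edit, not code from Citizen Lab or from the page) that scans an HTTPS page's HTML for active content loaded over plain HTTP, which is exactly the opening an in-path injector like the Great Cannon needs, and additionally flags third-party scripts that carry no Subresource Integrity hash. The sample HTML and the page URL https://www.example.com/ are constructed for the demo.

```python
"""Mixed-content and SRI check for an HTTPS page (added example)."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class MixedContentScanner(HTMLParser):
    """Collects active sub-resources an in-path attacker could tamper with."""

    # Tag -> attribute whose target is executed or rendered as part of the page.
    ACTIVE = {"script": "src", "link": "href", "iframe": "src",
              "object": "data", "embed": "src"}

    def __init__(self, page_url: str):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).netloc
        self.findings = []   # (kind, absolute url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        attr = self.ACTIVE.get(tag)
        if attr is None or not attrs.get(attr):
            return
        # Only stylesheet links are active content; ignore icons, canonical, etc.
        if tag == "link" and (attrs.get("rel") or "").lower() != "stylesheet":
            return
        url = urljoin(self.page_url, attrs[attr])   # resolves "//host/x" and "/x"
        parts = urlsplit(url)
        if parts.scheme == "http":
            # Plain HTTP inside an HTTPS page: the Great Cannon's opening.
            self.findings.append(("insecure-" + tag, url))
        elif tag == "script" and parts.netloc != self.page_host and "integrity" not in attrs:
            # HTTPS protects the transport, but a third-party script swapped at
            # its origin would still run; an SRI hash pins the expected content.
            self.findings.append(("script-without-sri", url))


def scan_html(page_url: str, html: str) -> list:
    """Return [(kind, url), ...] for every risky sub-resource in html."""
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page: a site that, like the Baidu-affiliated sites in the
# attack, pulls an analytics script from a third party over plain HTTP.
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="/static/site.css">
<script src="http://analytics.example.net/h.js"></script>
<script src="https://cdn.example.org/lib.js"
        integrity="sha384-AAAA" crossorigin="anonymous"></script>
<script src="https://cdn.example.org/other.js"></script>
</head><body>
<iframe src="//ads.example.net/frame.html"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for kind, url in scan_html("https://www.example.com/", SAMPLE_HTML):
        print(f"{kind:20s} {url}")
```

On the sample page the scanner reports the analytics script fetched over http:// and the CDN script that lacks an integrity attribute; the protocol-relative iframe resolves to https:// under an HTTPS page and is not flagged. Browsers block most active mixed content today, but the check is still worth running in CI because a single insecure script tag is all an injector needs.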

You drive to work in your smart car, with GPS connected automatically, when a hacker breaks into the car's network, takes control of the steering, crashes you into a tree, and BOOM!

Believe it or not, such cyber attacks on smart devices are becoming reality.

Car hacking was recently demonstrated by a pair of security researchers who remotely controlled a Jeep Cherokee from miles away, which shows how severe a threat the growing Internet of Things (IoT) market faces.

Internet of Things (IoT) — A technology that connects objects to a network or the Internet, and enables interaction among varied devices such as:

A few days back, I read about smart dustbins, the latest smart objects to become Wi-Fi-enabled.

Internet of Things to make Cities Smart or Dumb?

Cities around the world are becoming smarter and more connected to the Internet in an attempt to add convenience and ease to daily activities.

By 2020, there will be more than 50 billion Internet-connected devices, and they will transform the way we live and work.

However, every new technology and innovation brings new challenges and problems. In this article, I focus on the cyber security issues that currently affect, or will soon affect, our smart lives.

We all know that everything connected to the Internet is potentially vulnerable, and as the number of Internet-connected devices grows, the security challenges of IoT devices can no longer be ignored.

Top 7 Smart Cities Prone to Cyber Attacks

Below is a list of seven of the most developed smart cities around the world, which have also been labelled the cities most vulnerable to cyber threats:

Santander, Spain

New York City, USA

Aguas De Sao Pedro, Brazil

Songdo, South Korea

Tokyo, Japan

Hong Kong

Arlington County, Virginia, USA

These Cities become smarter by deploying new technologies like:

Smart street lights: centrally managed, able to adapt to weather conditions, report problems, or follow a schedule by time of day.

Smart public transportation and traffic control systems that adjust traffic lights to current traffic conditions.

Smart parking applications that find available parking spaces.

Smart water and energy management, which also reports on air quality and water needs.

Sadly, these cities are deploying new technologies without first testing their cyber security.

If a cyber attack on one of these smart cities caused an inadequate supply of electricity or water, dark streets, or dead cameras, how would citizens respond?

I guess such attack would cause a lot of chaos in the city.

People living in such a city might panic when they find themselves at the mercy of their "cyber masters", the criminals.

As hackers bring ever more sophisticated malware, a day may come when you plan to go to a movie on a Friday night, all set to leave, and find that your house keys are in the hands of a master sitting in some other country!

Cyber Attacks Leveraging the Internet of Things

Smart devices such as traffic and surveillance cameras, meters, street lights, traffic lights, smart pipes and sensors are easy to deploy, but even easier to hack, owing to a lack of stringent security measures and weak encryption.

Last year we saw a real cyber attack involving IoT devices, in which hackers compromised more than 100,000 smart TVs, refrigerators and other smart household appliances to send out millions of malicious spam emails.

Modus Operandi of a Cyber Criminal

A vulnerability in a technology becomes a threat once someone with malicious intent spots it, and becomes an attack once that person exploits it to bypass the protections of the system being compromised.

With people's lives shifting from desktop PCs to mobiles, wearables and now IoT devices, cyber criminals are also turning every kind of threat against them.

In one of our introductory articles on IoT we discussed desktop viruses arriving via refrigerators and home appliances; attention must therefore be paid to the types of threat that can affect our digital appliances, including ransomware, spyware, DDoS attacks and many more.

So in a scenario where every single object depends on the network to make our lives comfortable, sooner or later we risk becoming "digitally handicapped."

No doubt IoT devices are the next evolutionary step in our connected world and will grow enormously, but it is very likely that cyber criminals will exploit and compromise them.

In saying this, we are not trying to make your lives more fearful, but more secure.